Security teams drowning in alerts may finally get relief. Aptori has launched AI Triage, a new agent that validates vulnerabilities deterministically, cutting alert queues from hundreds of thousands to the few that actually matter.

For years, enterprises have struggled with the same security bottleneck: vulnerability scanners and static analysis tools generate massive lists of potential issues, most of which turn out to be irrelevant. Developers grow frustrated, security teams burn time chasing false alarms, and genuine risks can get buried. With AI accelerating code creation, the problem has only grown worse.

Aptori, a San Francisco–based security startup, believes it has a fix. Its newly released AI Triage agent applies reasoning to security findings the way a human developer would, tracing data and control flows in code to determine if a vulnerability is truly exploitable. The approach moves security validation from “probabilistic scoring” to deterministic analysis—a shift the company argues is essential for enterprises trying to secure software in the AI era.

From Noisy Alerts to Validated Findings

Traditional application security testing (AST) and application security posture management (ASPM) tools rely on heuristics. If a scanner spots SQL-like code or a variable with unsafe naming, it raises a flag—regardless of whether the value was sanitized or the code path is actually reachable. That can leave organizations with six-figure alert queues and little clarity on which ones matter.

AI Triage changes the workflow. Instead of handing off lists of “possible issues,” the agent steps through flagged findings line by line, reasoning through program flow. If it can prove exploitability, the issue remains. If not, it’s discarded. Aptori says this reduces vulnerability lists to a handful of confirmed items, each backed by explainable evidence such as call chains and parameter lineage.

For developers, that means fewer distractions and clearer context. For CISOs, it means findings that are repeatable and auditable—a critical factor for compliance and governance.

Enterprise Impact

Early deployments at Fortune 50 companies suggest the time savings could be dramatic. Queues of 100,000 alerts have reportedly been cut to single digits. Security teams reclaim weeks of manual review, while development teams avoid churn on false positives. The downstream effect is faster remediation and improved collaboration across roles.

Aptori’s founder and CEO, Sumeet Singh, frames it as more than just a productivity boost. “Legacy tools flood teams with findings, many of them false positives. The result is paralysis: real issues remain hidden beneath an avalanche of alerts. When the attack surface is shifting as fast as AI now enables, time wasted on noise is a luxury no organization can afford,” he said.

Built for Modern Workflows

AI Triage is designed to fit directly into existing pipelines. It integrates with GitHub, GitLab, and Azure DevOps so developers get feedback in context, while CISOs can consume results through ASPM dashboards. For organizations experimenting with coding assistants, Aptori also supports the Model Context Protocol, making AI Triage accessible through tools like Claude Code and Gemini CLI.

Importantly, results are not just faster but deterministic—meaning repeatable, testable, and complete. That gives enterprise leaders confidence that no exploitable flaw has been missed, even as software supply chains expand and AI-generated code becomes mainstream.

Looking Ahead

Aptori’s launch highlights a growing demand for security tools that match the pace of AI-driven software delivery. The industry has long debated whether automated scanners create more noise than value. By shifting the model from guesswork to validation, Aptori is betting that deterministic, explainable findings will become the new standard.

For enterprises, the stakes are high. Reducing false positives doesn’t just save time—it can be the difference between catching a real exploit early or letting it slip into production. With AI Triage now generally available, the question is less whether enterprises will adopt agentic AI in security, and more how quickly they can weave it into their development lifecycles.

More details are available at aptori.com.